Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
Ninjaforms Ninja Forms 3.4.22
6.1
CVSSv3
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated malicious users to ...
Ninjaforms Ninja Forms File Uploads
8.1
CVSSv3
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
9.8
CVSSv3
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated malicious users ...
Ninjaforms Ninja Forms File Uploads
4.8
CVSSv3
CVE-2023-4109
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin prior to 3.6.26 was affected by a HTML Injection security vulnerability.
Ninjaforms Ninja Forms Contact Form
6.1
CVSSv3
CVE-2023-2333
The Ninja Forms Google Sheet Connector WordPress plugin prior to 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin up to and including 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be use...
Gsheetconnector Ninja Forms Google Sheet Connector
9.8
CVSSv3
CVE-2023-5601
The WooCommerce Ninja Forms Product Add-ons WordPress plugin prior to 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
Atomicwebstrategy Woocommerce Ninja Forms Product Add-ons
1 Github repository
6.1
CVSSv3
CVE-2023-37982
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a up t...
Crmperks Integration For Salesforce And Contact Form 7\\, Wpforms\\, Elementor\\, Ninja Forms
6.1
CVSSv3
CVE-2023-31095
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a up to and ...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
6.1
CVSSv3
CVE-2023-47779
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: ...
Crmperks Integration For Constant Contact And Contact Form 7\\, Wpforms\\, Elementor\\, Ninja
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »